Re-word serialization cyclic import code comments

- Try to clarify purpose and remove unimportant TODO note
- Use pylint block-level control for shorter lines, see
  http://pylint.pycqa.org/en/latest/user_guide/message-control.html#block-disables

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>

tuf/api/metadata.py

@@ -128,9 +128,9 @@ def from_file(
 
  """
  if deserializer is None:
- # Function-scope import to avoid circular dependency. Yucky!!!
- # TODO: At least move to _get_default_metadata_deserializer helper.
- from tuf.api.serialization.json import JSONDeserializer # pylint: disable=import-outside-toplevel
+ # Use local scope import to avoid circular import errors
+ # pylint: disable=import-outside-toplevel
+ from tuf.api.serialization.json import JSONDeserializer
  deserializer = JSONDeserializer()
 
  if storage_backend is None:
@@ -171,9 +171,9 @@ def to_file(self, filename: str, serializer: MetadataSerializer = None,
 
  """
  if serializer is None:
- # Function-scope import to avoid circular dependency. Yucky!!!
- # TODO: At least move to a _get_default_metadata_serializer helper.
- from tuf.api.serialization.json import JSONSerializer # pylint: disable=import-outside-toplevel
+ # Use local scope import to avoid circular import errors
+ # pylint: disable=import-outside-toplevel
+ from tuf.api.serialization.json import JSONSerializer
  serializer = JSONSerializer(True) # Pass True to compact JSON
 
  with tempfile.TemporaryFile() as temp_file:
@@ -206,10 +206,10 @@ def sign(self, key: JsonDict, append: bool = False,
  A securesystemslib-style signature object.
 
  """
- if serializer is None:
- # Function-scope import to avoid circular dependency. Yucky!!!
- # TODO: At least move to a _get_default_signed_serializer helper.
- from tuf.api.serialization.json import CanonicalJSONSerializer # pylint: disable=import-outside-toplevel
+ if signed_serializer is None:
+ # Use local scope import to avoid circular import errors
+ # pylint: disable=import-outside-toplevel
+ from tuf.api.serialization.json import CanonicalJSONSerializer
  serializer = CanonicalJSONSerializer()
 
  signature = create_signature(key, serializer.serialize(self.signed))
@@ -259,9 +259,9 @@ def verify(self, key: JsonDict,
  f'{key["keyid"]}, not sure which one to verify.')
 
  if serializer is None:
- # Function-scope import to avoid circular dependency. Yucky!!!
- # TODO: At least move to a _get_default_signed_serializer helper.
- from tuf.api.serialization.json import CanonicalJSONSerializer # pylint: disable=import-outside-toplevel
+ # Use local scope import to avoid circular import errors
+ # pylint: disable=import-outside-toplevel
+ from tuf.api.serialization.json import CanonicalJSONSerializer
  serializer = CanonicalJSONSerializer()
 
  return verify_signature(

tuf/api/serialization/json.py

@@ -15,8 +15,9 @@
 from securesystemslib.formats import encode_canonical
 
 # pylint: disable=cyclic-import
-# ... to allow de/serializing the correct metadata class here, while also
-# creating default de/serializers there (see metadata function scope imports).
+# ... to allow de/serializing Metadata and Signed objects here, while also
+# creating default de/serializers there (see metadata local scope imports).
+# NOTE: A less desirable alternative would be to add more abstraction layers.
 from tuf.api.metadata import Metadata, Signed
 from tuf.api.serialization import (MetadataSerializer,
  MetadataDeserializer,